35 lines
955 B
YAML
35 lines
955 B
YAML
name: trivy-scan-image
|
|
run-name: Trivy - Scan Docker Image
|
|
|
|
on:
|
|
workflow_dispatch: # Manuelles Auslösen des Workflows
|
|
inputs:
|
|
image_tag:
|
|
description: 'Tag für das zu scannende Docker-Image z.B. latest'
|
|
required: true
|
|
default: 'latest'
|
|
schedule:
|
|
- cron: '15 1 * * 5'
|
|
|
|
env:
|
|
image_name: 404_games
|
|
image_tag: ${{ github.event.inputs.image_tag || 'latest' }}
|
|
registry: gitea.tebarius.duckdns.org
|
|
user: tebarius
|
|
|
|
jobs:
|
|
trivy_image_scan:
|
|
runs-on: ubuntu-latest
|
|
container: aquasec/trivy:latest
|
|
steps:
|
|
- name: Scan image with trivy
|
|
run: |
|
|
trivy image \
|
|
--username ${{ env.user }} \
|
|
--password ${{ secrets.DOCKER_PULL_TOKEN }} \
|
|
--exit-code 1 \
|
|
--scanners vuln,misconfig,secret \
|
|
--severity HIGH,CRITICAL \
|
|
--ignore-unfixed \
|
|
${{ env.registry }}/${{ env.user }}/${{ env.image_name }}:${{ env.image_tag }}
|